PoC || GTFO 0x04
Bookreader Item Preview
Share or Embed This Item
The fifth issue of PoC || GTFO, presented for your reading enjoyment.
Neighbors, please join me in reading this fifth issue of the International Journal of Proof of Concept or Get
the Fuck Out, a friendly little collection of articles for ladies and gentlemen of distinguished ability and taste
in the field of software exploitation and the worship of weird machines. If you are missing the first four issues,
we the editors suggest pirating them from the usual locations, or on paper from a neighbor who picked up a
copy of the first in Vegas, the second in São Paulo, the third in Hamburg, or the fourth in Heidelberg. This
fifth issue is written for the fine neighbors at Recon in Montréal.
We begin in Section 2, where Pastor Laphroaig presents his first epistle concerning the bountiful seeds of
0day, from which all clever and nifty things come. The preacherman tells us that the mechanism—not the
target!—is what distinguishes the interesting exploits from the mundane.
In Section 3, Shikhin Sethi presents the first in a series of articles on the practical workings of X86
operating systems. You’ll remember him from his prior boot sectors, such as Tetranglix in PoC GTFO 3:8
and Wódscipe, a 512-byte Integrated Development Environment for Brainfuck and ///. This installment
describes the A20 address line, virtual memory, and recursive page mapping.
The first of two 6502 articles in this issue, Section 4 describes Peter Ferrie’s patch to rebuild Prince of
Persia to remove copy protection and fit on a single, two-sided 16-sector floppy disk. (Artwork in this section
advertises the brilliant novella Prince of Gosplan by Виктор Пелевин. You should read it.)
The author of Section 5 provides a quick introduction to fuzzing with his rewrite of Sergey Bratus and
Travis Goodspeed’s Facedancer framework for USB device emulation.
In Section 6, Natalie Silvanovich continues the Tamagotchi hacking that you read about in PoC GTFO 2:4.
This time, there’s no software vulnerability to exploit; instead, she loads shellcode into the chip’s memory
and glitches the living hell out of its power supply with an AVR. Most of the time, this causes a crash, but
when the dice are rolled right, the program counter lands on the NOP sled and the shellcode is executed!
In Section 7, Evan Sultanik presents a provably plausibly deniable cryptosystem, one in which the ci-
phertext can decrypt to multiple plaintexts, but also that the file’s creator can deny ever having intended
for a particular plaintext to be present.
In Section 8, Deviant Ollam shares a forgotten trick for modifying normal locks with a tap and die to
make them pick resistant.
In Section 9, Travis Goodspeed presents an introductory tutorial on chip decapsulation and photography.
Please research and follow safety procedures, as chemical accidents hurt a lot more than a core dump.
In Section 10, Colin O’Flynn exploits a pin-protected external hard disk and a popular AVR bootloader
using timing and simple power analysis.
In Sections 11 and 12, our own Funky File Formats Polygot Ange Albertini shows how to hide a TrueCrypt
volume in a perfectly valid PDF file so that PDF readers don’t see it, and how to attach feelies ZIPs to PDF
files so that Adobe tools do see them as legitimate PDF attachments. (Yes, Virginia, there is such a thing
as a PDF attachment!)1
In Section 13, our Poet Laureate Ben Nagy presents his Ode to ECB accompanied by one of Natalie
Silvanovich’s brilliant public service announcements. Don’t let your penguin show!
Finally, in Section 14, we do what churches do best and pass around the donation plate. Please contribute
any nifty proofs of concept so that the rest of us can be enlightened!
One last thing before you dig poCoRgtfO
in. This issue is brought to you by Merchants of PoC. Are you a Merchant
of PoC, neighbor? Have you what it takes to follow the Great PoC Road, bringing the exotic treasures of
Far and Misunderstood Parts to your neighborhoods? Or are you a Merchant of Turing-complete Death and
Cyber-bullets? Fret not, neighbor: the only Merchants we fear are the Merchants of Ignorance, who seek to
ban or control what they don’t understand, and know not the harm they cause to the trade of Knowledge
and Understanding.
1So
now you can put your attachments inside your attachments—but I digress. –PML
Neighbors, please join me in reading this fifth issue of the International Journal of Proof of Concept or Get
the Fuck Out, a friendly little collection of articles for ladies and gentlemen of distinguished ability and taste
in the field of software exploitation and the worship of weird machines. If you are missing the first four issues,
we the editors suggest pirating them from the usual locations, or on paper from a neighbor who picked up a
copy of the first in Vegas, the second in São Paulo, the third in Hamburg, or the fourth in Heidelberg. This
fifth issue is written for the fine neighbors at Recon in Montréal.
We begin in Section 2, where Pastor Laphroaig presents his first epistle concerning the bountiful seeds of
0day, from which all clever and nifty things come. The preacherman tells us that the mechanism—not the
target!—is what distinguishes the interesting exploits from the mundane.
In Section 3, Shikhin Sethi presents the first in a series of articles on the practical workings of X86
operating systems. You’ll remember him from his prior boot sectors, such as Tetranglix in PoC GTFO 3:8
and Wódscipe, a 512-byte Integrated Development Environment for Brainfuck and ///. This installment
describes the A20 address line, virtual memory, and recursive page mapping.
The first of two 6502 articles in this issue, Section 4 describes Peter Ferrie’s patch to rebuild Prince of
Persia to remove copy protection and fit on a single, two-sided 16-sector floppy disk. (Artwork in this section
advertises the brilliant novella Prince of Gosplan by Виктор Пелевин. You should read it.)
The author of Section 5 provides a quick introduction to fuzzing with his rewrite of Sergey Bratus and
Travis Goodspeed’s Facedancer framework for USB device emulation.
In Section 6, Natalie Silvanovich continues the Tamagotchi hacking that you read about in PoC GTFO 2:4.
This time, there’s no software vulnerability to exploit; instead, she loads shellcode into the chip’s memory
and glitches the living hell out of its power supply with an AVR. Most of the time, this causes a crash, but
when the dice are rolled right, the program counter lands on the NOP sled and the shellcode is executed!
In Section 7, Evan Sultanik presents a provably plausibly deniable cryptosystem, one in which the ci-
phertext can decrypt to multiple plaintexts, but also that the file’s creator can deny ever having intended
for a particular plaintext to be present.
In Section 8, Deviant Ollam shares a forgotten trick for modifying normal locks with a tap and die to
make them pick resistant.
In Section 9, Travis Goodspeed presents an introductory tutorial on chip decapsulation and photography.
Please research and follow safety procedures, as chemical accidents hurt a lot more than a core dump.
In Section 10, Colin O’Flynn exploits a pin-protected external hard disk and a popular AVR bootloader
using timing and simple power analysis.
In Sections 11 and 12, our own Funky File Formats Polygot Ange Albertini shows how to hide a TrueCrypt
volume in a perfectly valid PDF file so that PDF readers don’t see it, and how to attach feelies ZIPs to PDF
files so that Adobe tools do see them as legitimate PDF attachments. (Yes, Virginia, there is such a thing
as a PDF attachment!)1
In Section 13, our Poet Laureate Ben Nagy presents his Ode to ECB accompanied by one of Natalie
Silvanovich’s brilliant public service announcements. Don’t let your penguin show!
Finally, in Section 14, we do what churches do best and pass around the donation plate. Please contribute
any nifty proofs of concept so that the rest of us can be enlightened!
One last thing before you dig poCoRgtfO
in. This issue is brought to you by Merchants of PoC. Are you a Merchant
of PoC, neighbor? Have you what it takes to follow the Great PoC Road, bringing the exotic treasures of
Far and Misunderstood Parts to your neighborhoods? Or are you a Merchant of Turing-complete Death and
Cyber-bullets? Fret not, neighbor: the only Merchants we fear are the Merchants of Ignorance, who seek to
ban or control what they don’t understand, and know not the harm they cause to the trade of Knowledge
and Understanding.
1So
now you can put your attachments inside your attachments—but I digress. –PML
- Addeddate
- 2014-06-29 22:59:42
- Identifier
- pocorgtfo04
- Identifier-ark
- ark:/13960/t0ns3fm9j
- Ocr
- ABBYY FineReader 9.0
- Pages
- 48
- Ppi
- 600
- Scanner
- Internet Archive HTML5 Uploader 1.5.2
comment
Reviews
There are no reviews yet. Be the first one to
write a review.
1,325 Views
DOWNLOAD OPTIONS
IN COLLECTIONS
The International Journal of POC or GTFOUploaded by szakulec on